[PATCH] bpf: add security_file_post_open() LSM hook to sleepable_lsm_hooks

Daniel Borkmann daniel at iogearbox.net
Fri Jun 21 17:58:34 UTC 2024


On 6/18/24 9:44 PM, Paul Moore wrote:
> On Tue, Jun 18, 2024 at 3:29 PM Matt Bobrowski <mattbobrowski at google.com> wrote:
>>
>> The new generic LSM hook security_file_post_open() was recently added
>> to the LSM framework in commit 8f46ff5767b0b ("security: Introduce
>> file_post_open hook"). Let's proactively add this generic LSM hook to
>> the sleepable_lsm_hooks BTF ID set, because I can't see there being
>> any strong reasons not to, and it's only a matter of time before
>> someone else comes around and asks for it to be there.
>>
>> security_file_post_open() is inherently sleepable as it's purposely
>> situated in the kernel that allows LSMs to directly read out the
>> contents of the backing file if need be. Additionally, it's called
>> directly after securuty_file_open(), and that LSM hook in itself
> 
> *cough*
> 
> "security_file_open()"

Fixed up while applying, thanks!


